IPSEC VPN Login Syslogs
-
Can anyone provide me with sample syslogs for IPsec VPN login, logout, connection events, etc.?
-
NB I use FreeRadius for auth.
1.2.3.4 = WAN
```
Jul 16 12:04:32 charon 14[NET] <con1|23> sending packet: from 1.2.3.4[4500] to 82.132.224.191[34706] (60 bytes)
Jul 16 12:04:32 charon 14[ENC] <con1|23> generating INFORMATIONAL response 7 [ ]
Jul 16 12:04:32 charon 14[CFG] <con1|23> received RADIUS Accounting-Response from server 'local_radius_database'
Jul 16 12:04:32 charon 14[CFG] <con1|23> sending RADIUS Accounting-Request to server 'local_radius_database'
Jul 16 12:04:32 charon 14[IKE] <con1|23> IKE_SA deleted
Jul 16 12:04:32 charon 14[IKE] <con1|23> deleting IKE_SA con1[23] between 1.2.3.4[vpn.blahblahblan.net]...82.132.224.191[10.8.7.115]
Jul 16 12:04:32 charon 14[IKE] <con1|23> received DELETE for IKE_SA con1[23]
Jul 16 12:04:32 charon 14[ENC] <con1|23> parsed INFORMATIONAL request 7 [ D ]
Jul 16 12:04:32 charon 14[NET] <con1|23> received packet: from 82.132.224.191[34706] to 1.2.3.4[4500] (68 bytes)
Jul 16 12:04:18 charon 14[NET] <con1|23> sending packet: from 1.2.3.4[4500] to 82.132.224.191[34706] (436 bytes)
Jul 16 12:04:18 charon 14[ENC] <con1|23> generating IKE_AUTH response 6 [ AUTH CPRP(ADDR DNS SUBNET U_DEFDOM U_SPLITDNS MASK) N(ESP_TFC_PAD_N) SA TSi TSr N(AUTH_LFT) N(MOBIKE_SUP) N(ADD_4_ADDR) N(ADD_4_ADDR) N(ADD_4_ADDR) N(ADD_4_ADDR) N(ADD_6_ADDR) N(ADD_6_ADDR) N(ADD_6_ADDR) N(ADD_6_ADDR) ]
Jul 16 12:04:18 charon 14[CFG] <con1|23> received RADIUS Accounting-Response from server 'local_radius_database'
Jul 16 12:04:18 charon 14[CFG] <con1|23> sending RADIUS Accounting-Request to server 'local_radius_database'
Jul 16 12:04:18 charon 14[IKE] <con1|23> CHILD_SA con1{6} established with SPIs cfb91246_i 07260c80_o and TS 0.0.0.0/0|/0 === 172.16.8.3/32|/0
Jul 16 12:04:18 charon 14[IKE] <con1|23> no virtual IP found for %any6 requested by 'iphone'
Jul 16 12:04:18 charon 14[IKE] <con1|23> peer requested virtual IP %any6
Jul 16 12:04:18 charon 14[IKE] <con1|23> assigning virtual IP 172.16.8.3 to peer 'iphone'
Jul 16 12:04:18 charon 14[IKE] <con1|23> peer requested virtual IP %any
Jul 16 12:04:18 charon 14[IKE] <con1|23> maximum IKE_SA lifetime 28407s
Jul 16 12:04:18 charon 14[IKE] <con1|23> scheduling reauthentication in 27867s
Jul 16 12:04:18 charon 14[IKE] <con1|23> IKE_SA con1[23] established between 1.2.3.4[vpn.blahblahblan.net]...82.132.224.191[10.8.7.115]
Jul 16 12:04:18 charon 14[IKE] <con1|23> authentication of 'vpn.blahblahblan.net' (myself) with EAP
Jul 16 12:04:18 charon 14[IKE] <con1|23> authentication of '10.8.7.115' with EAP successful
Jul 16 12:04:18 charon 14[ENC] <con1|23> parsed IKE_AUTH request 6 [ AUTH ]
Jul 16 12:04:18 charon 14[NET] <con1|23> received packet: from 82.132.224.191[34706] to 1.2.3.4[4500] (84 bytes)
Jul 16 12:04:17 charon 14[NET] <con1|23> sending packet: from 1.2.3.4[4500] to 82.132.224.191[34706] (68 bytes)
Jul 16 12:04:17 charon 14[ENC] <con1|23> generating IKE_AUTH response 5 [ EAP/SUCC ]
Jul 16 12:04:17 charon 14[IKE] <con1|23> EAP method EAP_MSCHAPV2 succeeded, MSK established
Jul 16 12:04:17 charon 14[IKE] <con1|23> RADIUS authentication of 'iphone' successful
Jul 16 12:04:17 charon 14[IKE] <con1|23> received AUTH_LIFETIME of 275658943s, scheduling reauthentication in 275658403s
Jul 16 12:04:17 charon 14[CFG] <con1|23> received RADIUS Access-Accept from server 'local_radius_database'
Jul 16 12:04:17 charon 14[CFG] <con1|23> sending RADIUS Access-Request to server 'local_radius_database'
Jul 16 12:04:17 charon 14[ENC] <con1|23> parsed IKE_AUTH request 5 [ EAP/RES/MSCHAPV2 ]
Jul 16 12:04:17 charon 14[NET] <con1|23> received packet: from 82.132.224.191[34706] to 1.2.3.4[4500] (68 bytes)
Jul 16 12:04:17 charon 14[NET] <con1|23> sending packet: from 1.2.3.4[4500] to 82.132.224.191[34706] (108 bytes)
Jul 16 12:04:17 charon 14[ENC] <con1|23> generating IKE_AUTH response 4 [ EAP/REQ/MSCHAPV2 ]
Jul 16 12:04:17 charon 14[CFG] <con1|23> received RADIUS Access-Challenge from server 'local_radius_database'
Jul 16 12:04:17 charon 14[CFG] <con1|23> sending RADIUS Access-Request to server 'local_radius_database'
Jul 16 12:04:17 charon 14[ENC] <con1|23> parsed IKE_AUTH request 4 [ EAP/RES/MSCHAPV2 ]
Jul 16 12:04:17 charon 14[NET] <con1|23> received packet: from 82.132.224.191[34706] to 1.2.3.4[4500] (132 bytes)
Jul 16 12:04:17 charon 14[NET] <con1|23> sending packet: from 1.2.3.4[4500] to 82.132.224.191[34706] (100 bytes)
Jul 16 12:04:17 charon 14[ENC] <con1|23> generating IKE_AUTH response 3 [ EAP/REQ/MSCHAPV2 ]
Jul 16 12:04:17 charon 14[CFG] <con1|23> received RADIUS Access-Challenge from server 'local_radius_database'
Jul 16 12:04:17 charon 14[CFG] <con1|23> sending RADIUS Access-Request to server 'local_radius_database'
Jul 16 12:04:17 charon 14[ENC] <con1|23> parsed IKE_AUTH request 3 [ EAP/RES/NAK ]
Jul 16 12:04:17 charon 14[NET] <con1|23> received packet: from 82.132.224.191[34706] to 1.2.3.4[4500] (68 bytes)
Jul 16 12:04:17 charon 14[NET] <con1|23> sending packet: from 1.2.3.4[4500] to 82.132.224.191[34706] (68 bytes)
Jul 16 12:04:17 charon 14[ENC] <con1|23> generating IKE_AUTH response 2 [ EAP/REQ/PEAP ]
Jul 16 12:04:17 charon 14[IKE] <con1|23> initiating EAP_PEAP method (id 0x01)
Jul 16 12:04:17 charon 14[CFG] <con1|23> received RADIUS Access-Challenge from server 'local_radius_database'
Jul 16 12:04:17 charon 14[CFG] <con1|23> sending RADIUS Access-Request to server 'local_radius_database'
Jul 16 12:04:17 charon 14[IKE] <con1|23> received EAP identity 'iphone'
Jul 16 12:04:17 charon 14[ENC] <con1|23> parsed IKE_AUTH request 2 [ EAP/RES/ID ]
Jul 16 12:04:17 charon 14[NET] <con1|23> received packet: from 82.132.224.191[34706] to 1.2.3.4[4500] (76 bytes)
Jul 16 12:04:17 charon 14[NET] <con1|23> sending packet: from 1.2.3.4[4500] to 82.132.224.191[34706] (624 bytes)
Jul 16 12:04:17 charon 14[NET] <con1|23> sending packet: from 1.2.3.4[4500] to 82.132.224.191[34706] (1248 bytes)
Jul 16 12:04:17 charon 14[ENC] <con1|23> generating IKE_AUTH response 1 [ EF(2/2) ]
Jul 16 12:04:17 charon 14[ENC] <con1|23> generating IKE_AUTH response 1 [ EF(1/2) ]
Jul 16 12:04:17 charon 14[ENC] <con1|23> splitting IKE message with length of 1812 bytes into 2 fragments
Jul 16 12:04:17 charon 14[ENC] <con1|23> generating IKE_AUTH response 1 [ IDr CERT AUTH EAP/REQ/ID ]
Jul 16 12:04:17 charon 14[IKE] <con1|23> sending end entity cert "C=GB, ST=County, L=Town, O=Blah Blah Blah, E=vpn@blahblahblan.net, CN=vpn.blahblahblan.net"
Jul 16 12:04:17 charon 14[IKE] <con1|23> authentication of 'vpn.blahblahblan.net' (myself) with RSA signature successful
Jul 16 12:04:17 charon 14[IKE] <con1|23> peer supports MOBIKE
Jul 16 12:04:17 charon 14[IKE] <con1|23> received ESP_TFC_PADDING_NOT_SUPPORTED, not using ESPv3 TFC padding
Jul 16 12:04:17 charon 14[IKE] <con1|23> initiating EAP_IDENTITY method (id 0x00)
Jul 16 12:04:17 charon 14[CFG] <con1|23> selected peer config 'con1'
Jul 16 12:04:17 charon 14[CFG] <23> looking for peer configs matching 1.2.3.4[vpn.blahblahblan.net]...82.132.224.191[10.8.7.115]
Jul 16 12:04:17 charon 14[ENC] <23> parsed IKE_AUTH request 1 [ IDi N(INIT_CONTACT) N(MOBIKE_SUP) IDr CPRQ(ADDR DHCP DNS MASK ADDR6 DHCP6 DNS6 (25)) N(ESP_TFC_PAD_N) N(NON_FIRST_FRAG) SA TSi TSr ]
Jul 16 12:04:17 charon 14[ENC] <23> unknown attribute type (25)
Jul 16 12:04:17 charon 14[NET] <23> received packet: from 82.132.224.191[34706] to 1.2.3.4[4500] (500 bytes)
Jul 16 12:04:17 charon 08[NET] <23> sending packet: from 1.2.3.4[500] to 82.132.224.191[627] (341 bytes)
Jul 16 12:04:17 charon 08[ENC] <23> generating IKE_SA_INIT response 0 [ SA KE No N(NATD_S_IP) N(NATD_D_IP) CERTREQ N(FRAG_SUP) N(MULT_AUTH) ]
Jul 16 12:04:17 charon 08[IKE] <23> sending cert request for "C=GB, ST=County, L=Town, O=Blah Blah, E=vpn@blahblahblan.net, CN=Blah Blah Certification Authority"
Jul 16 12:04:17 charon 08[IKE] <23> remote host is behind NAT
Jul 16 12:04:17 charon 08[IKE] <23> 82.132.224.191 is initiating an IKE_SA
Jul 16 12:04:17 charon 08[ENC] <23> parsed IKE_SA_INIT request 0 [ SA KE No N(REDIR_SUP) N(NATD_S_IP) N(NATD_D_IP) N(FRAG_SUP) ]
Jul 16 12:04:17 charon 08[NET] <23> received packet: from 82.132.224.191[627] to 1.2.3.4[500] (476 bytes)
Jul 16 12:04:17 charon 08[NET] <22> sending packet: from 1.2.3.4[500] to 82.132.224.191[627] (38 bytes)
Jul 16 12:04:17 charon 08[ENC] <22> generating IKE_SA_INIT response 0 [ N(INVAL_KE) ]
Jul 16 12:04:17 charon 08[IKE] <22> DH group MODP_2048 inacceptable, requesting MODP_1024
Jul 16 12:04:17 charon 08[IKE] <22> remote host is behind NAT
Jul 16 12:04:17 charon 08[IKE] <22> 82.132.224.191 is initiating an IKE_SA
Jul 16 12:04:17 charon 08[ENC] <22> parsed IKE_SA_INIT request 0 [ SA KE No N(REDIR_SUP) N(NATD_S_IP) N(NATD_D_IP) N(FRAG_SUP) ]
Jul 16 12:04:17 charon 08[NET] <22> received packet: from 82.132.224.191[627] to 1.2.3.4[500] (604 bytes)
```
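Added example, not part of the original reply: a small Python parser that groups charon lines in the format shown above by their IKE_SA id and extracts the login, logout, user, peer and virtual IP fields. The function names `sessions` and `report` and the field names are this example's own; the sample lines are copied from the log above, and extraction does not depend on line order.

```python
import re

# Lines copied from the log posted above (newest first, as in the post).
SAMPLE = """\
Jul 16 12:04:32 charon 14[IKE] <con1|23> IKE_SA deleted
Jul 16 12:04:18 charon 14[IKE] <con1|23> assigning virtual IP 172.16.8.3 to peer 'iphone'
Jul 16 12:04:18 charon 14[IKE] <con1|23> IKE_SA con1[23] established between 1.2.3.4[vpn.blahblahblan.net]...82.132.224.191[10.8.7.115]
Jul 16 12:04:17 charon 14[IKE] <con1|23> RADIUS authentication of 'iphone' successful
Jul 16 12:04:17 charon 14[IKE] <con1|23> received EAP identity 'iphone'
Jul 16 12:04:17 charon 08[IKE] <23> 82.132.224.191 is initiating an IKE_SA
Jul 16 12:04:17 charon 08[IKE] <22> DH group MODP_2048 inacceptable, requesting MODP_1024
Jul 16 12:04:17 charon 08[IKE] <22> 82.132.224.191 is initiating an IKE_SA
"""

# "<con1|23>" or "<23>": the number is the IKE_SA unique id that ties lines together.
LINE = re.compile(r"^(\w{3} +\d+ [\d:]{8}) charon \d+\[\w+\] <(?:[^|>]+\|)?(\d+)> (.*)$")

# (message pattern, field). A named group "v" is stored; otherwise the timestamp is.
FIELDS = [
    (re.compile(r"^(?P<v>\S+) is initiating an IKE_SA$"), "peer"),
    (re.compile(r"^received EAP identity '(?P<v>[^']*)'$"), "user"),  # client-supplied
    (re.compile(r"^RADIUS authentication of '[^']*' successful$"), "auth_ok"),
    (re.compile(r"^assigning virtual IP (?P<v>\S+) to peer"), "virtual_ip"),
    (re.compile(r"^IKE_SA \S+ established between "), "login"),
    (re.compile(r"^IKE_SA deleted$"), "logout"),
]

def sessions(text):
    """Group charon lines by IKE_SA id and pull out the login/logout fields."""
    out = {}
    for raw in text.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue
        ts, sa_id, msg = m.groups()
        sa = out.setdefault(int(sa_id), {})
        for pat, field in FIELDS:
            hit = pat.match(msg)
            if hit:
                sa[field] = hit.groupdict().get("v", ts)
    return out

def report(text):
    """One row per IKE_SA id; SAs that never reached 'established' have login=None."""
    keys = ("user", "peer", "virtual_ip", "login", "logout")
    return [(sa_id, *(s.get(k) for k in keys)) for sa_id, s in sorted(sessions(text).items())]

if __name__ == "__main__":
    print(*report(SAMPLE), sep="\n")
```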